I'm confused by a note in your caching howto about managing Zope using an SSL connection:

Apache+ZServer+SSL From the author of this How-To I also got a very good tip for what to do if you want to manage your website via https to avoid sending your unencrypted password over the net: Reverse the setup he describes, i.e. instead of creating a folder "ssl" and making the base of the site root "https://..." create a folder "http" and make the base of the site root "http://..."

Isn't the username/password still sent in clear text (mime-encoded) as soon as you attempt to manage anything in the /http folder because of the unencrytped connection (http://...) specified by the siteroot?

-kevin

Of course you need to use the https protocol! The advantage of the reversed setup is that if you configure it that way then the "natural" way to access the site can be https and http is the special case and not the other way round. Ragnar